You are here:

Thanks to TurnKey community member John Carver it has come to our attention that all existing deployments of TurnKey Linux are potentially vulnerable to CVE-2016-5195. As reported by Andrej Nemec last week on the Red Hat bugtracker "An unprivileged local user could use this flaw to gain write access to otherwise read only memory mappings and thus increase their privileges on the system."

Background: For TurnKey 15 (codenamed TKLX) we're evaluating a change of architecture from the current generation of monolithic systems to systems as collections of container based micro-services. Essentially the service container replaces the package as the highest level system abstraction.

There are several layers to the new architecture, but the first step is to figure out the best way to create the service containers. Alon has been quietly working on this for the last couple of months and managed to slim down Debian to 12MB compressed for the base image:

Jeremy recently nudged me into taking a close look at IPFS and ZeroNet, two BitTorrent inspired projects aiming to help achieve a more resilient distributed web that levels the playing field and is less susceptible to centralized control.

Alon is contemplating replacing his laptop so I figured I would recommend he take a look at Purism, a company offering laptops that are designed for people that care about security and privacy.

Unfortunately, once I started looking a bit more closely at this little rabbit it ran deep down into its little rabbit hole and I discovered that in reality there are currently very very few hardware options for people that want a computer that is not backdoored with a sophisticated rootkit at the hardware level.

It has come to our attention that existing deployments of TurnKey GitLab (versions 14.0 & 14.1) are vulnerable to CVE-2016-4340, a critical security issue that allows authenticated users to escalate their privileges to that of an Administrator.

Thanks to vondrt4 for bringing CVE-2016-4010 to our attention. This was a potentially critical vulnerability in Magento that turns out not to apply to TurnKey Magento, because it only effects Magento versions 2.0 - 2.0.5. The current version of TurnKey Magento is based on Magento 1.9.X.

About seven months after the release of v14.0 we are proud to announce the updated v14.1 release.

All of the v14.1 appliances are available for immediate launch in the cloud via the Hub. Amazon MarketPlace builds are on the way too although no ETA at present. All the other builds (e.g. ISO, OVA, Xen, etc.) can be downloaded from their respective appliance pages (eg. LAMP, WordPressNode.js etc). Alternatively the entire library can be downloaded via one of our mirrors.